Windows Server 2008: The Identity Server can now be installed on a Windows Server 2008 64-bit operating system on 64-bit hardware. For installation instructions, see Section 5.3, Installing on Windows. For information on migrating the Identity Server from Windows Server 2003 to Windows Server 2008, see Section 9.5, Migrating to Newer Operating Systems.
SLES 11 Support: The Identity Server can now be installed on a SUSE Linux Enterprise Server (SLES) 11 32-bit or 64-bit operating system on 32-bit or 64-bit hardware. For installation instructions, see Section 5.2, Installing on Linux. For information on migrating the Identity Server from SLES 10 to SLES 11, see Section 9.5, Migrating to Newer Operating Systems.
Timeout Per Contract: You can now specify an authentication timeout for each contract, rather than the global session timeout that was applied to all contracts in previous releases. When you upgrade, all contracts are assigned the value specified in the global session timeout, rounded up to the nearest value divisible by 5. You can then modify the contracts to meet your security requirements. For more information, see Configuring Authentication Contracts in the Novell Access Manager 3.1 SP2 Identity Server Guide.
Attribute Sets: When you configure an attribute set, you can specify the format of the remote attribute. For configuration information, see Configuring Attribute Sets in the Novell Access Manager 3.1 SP2 Identity Server Guide.
Passive Authentication: You can configure the authentication request so that it is passive. If the Identity Server can fulfill the authentication request without any user interaction, the authentication succeeds. Otherwise, it fails. For configuration information, see Modifying the Authentication Card for Liberty or SAML 2.0 in the Novell Access Manager 3.1 SP2 Identity Server Guide.
Local Logout: You can configure the Identity Server to perform a local logout rather than the default global logout. The global logout logs the user out of any other identity providers or service providers. For configuration information, see Customizing the Identity Server Logout in the Novell Access Manager 3.1 SP2 Identity Server Guide.
OpenID Authentication Class: Allows the Identity Server to trust and use the credentials of an OpenID server for authentication. For more information, see Configuring for OpenID Authentication in the Novell Access Manager 3.1 SP2 Identity Server Guide.
Password Retrieval Authentication Class: Allows you to fetch and store the user’s password as an LDAP credential when the user authenticates with a contract that does not use a password, such as RADIUS, Kerberos, OpenID, or X.509. For more information, see Configuring Password Retrieval in the Novell Access Manager 3.1 SP2 Identity Server Guide.
SAML 2 Enhancements: The following modifications were made for the SAML 2 protocol:
You can select Configuring a SAML 2.0 Authentication Request
in the Novell Access Manager 3.1 SP2 Identity Server Guide.
You can specify a comparison value when specifying an authentication context. For configuration information, see Configuring a SAML 2.0 Authentication Request in the Novell Access Manager 3.1 SP2 Identity Server Guide.
You can set the authentication level for the authentication context. If you use class or type to set the authentication context, you set the authentication level by using the Trust Levels class. For configuration information, see Configuring the Trust Levels Class in the Novell Access Manager 3.1 SP2 Identity Server Guide.
If you use a contract to set the authentication context, the authentication level is set on the contract. For configuration information, see Configuring Authentication Contracts in the Novell Access Manager 3.1 SP2 Identity Server Guide.
You can configure the Identity Server so that it displays the available identity providers to the user and the user can select which one to use. For configuration information, see Configuring the Introductions Class in the Novell Access Manager 3.1 SP2 Identity Server Guide.
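
The Passive Authentication item and the authentication-context comparison value above correspond, at the SAML 2.0 protocol level, to the standard `IsPassive` attribute and the `Comparison` attribute of `RequestedAuthnContext`. The following is an added illustration in Python, not Novell's code or part of the product documentation: it builds such a request and shows how a service provider can tell a failed passive request (`NoPassive` status) from other failures. The helper names, issuer URL, IDs and timestamp are constructed assumptions, and the mapping of the product settings to these attributes is assumed from the SAML 2.0 specification.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
COMPARISONS = {"exact", "minimum", "maximum", "better"}  # values defined by SAML 2.0 core
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_authn_request(request_id, issuer, class_ref, comparison="exact", passive=True):
    """Build an unsigned AuthnRequest (hypothetical helper; IDs and issuer are constructed)."""
    if comparison not in COMPARISONS:
        raise ValueError(f"invalid Comparison value: {comparison!r}")
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": "2010-01-01T00:00:00Z",
        "IsPassive": "true" if passive else "false"})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ctx = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": comparison})
    ET.SubElement(ctx, f"{{{SAML}}}AuthnContextClassRef").text = class_ref
    return ET.tostring(req, encoding="unicode")

def classify_response(xml_text, expected_request_id):
    """Return 'authenticated', 'needs_interaction' or 'rejected' from the Response status."""
    resp = ET.fromstring(xml_text)
    if resp.get("InResponseTo") != expected_request_id:
        return "rejected"  # not an answer to the request we sent
    top = resp.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if top is None:
        return "rejected"
    if top.get("Value") == STATUS + "Success":
        return "authenticated"  # signature and assertion validation must still follow
    nested = top.find(f"{{{SAMLP}}}StatusCode")
    if nested is not None and nested.get("Value") == STATUS + "NoPassive":
        return "needs_interaction"  # passive request failed: retry interactively
    return "rejected"

def sample_response(request_id, top, nested=None):
    """Constructed Response skeleton carrying only the status (no assertion, no signature)."""
    inner = f'<samlp:StatusCode Value="{STATUS}{nested}"/>' if nested else ""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
            f'InResponseTo="{request_id}"><samlp:Status>'
            f'<samlp:StatusCode Value="{STATUS}{top}">{inner}</samlp:StatusCode>'
            f'</samlp:Status></samlp:Response>')

if __name__ == "__main__":
    print(build_authn_request("_req1", "https://sp.example.com/metadata",
          "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "minimum"))
    print(classify_response(sample_response("_req1", "Responder", "NoPassive"), "_req1"))
```

The classifier inspects only the status element; a `Success` result is the point at which signature, audience and validity-period checks on the assertion begin, not a substitute for them.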